REMARKS/ARGUMENTS

I. Status of the Claims 

This amendment is filed in response to a final office action mailed April 8, 2005 
and an advisory action mailed July 5, 2005. An amendment after final was mailed June 8, 2005 
and was entered by the Examiner. This amendment is submitted as the requisite submission for 
the request for continued examination filed herewith. 

Prior to entry of this amendment, claims 1-52 and 56-63 are pending in the 
application. This amendment neither amends nor cancels any claims, but the amendment does 
add new claims 64-65. Hence, after entry of this amendment, claims 1-52 and 56-67 remain 
pending, and reconsideration of the pending claims is respectfully requested. 

II. New Claims

New claims 64-67 have been added. Support for the new claims can be found, 
inter alia, at pages 34-35 of the application. 

III. Claim Rejections under 35 U.S.C. § 102(e)

The final office action rejected claims 56, 59 and 60 under § 102(e) as being 
anticipated by US Patent No. 6,266,752 B1 ("Gupta"). The applicants traverse the rejections for
at least the following reasons and respectfully request reconsideration of the rejected claims. 

Claim 56 recites, inter alia, "receiving a request from an application without a 
web agent front end to allow said first user to access a second protected resource . . . ." Gupta 
fails to teach or suggest at least this element of claim 56. The advisory action maintains the 
position that Gupta discloses an application without a web front end, referring to lines 46-53 of 
column 11 and lines 13-27 of column 12. Neither of these cited portions, however, provides any
disclosure or indication that the described system comprises an "application without a web agent 
front end," as that term is used in the claims. 
Instead, Gupta expressly teaches that the application server in Gupta's system in
fact does have a web agent front end:

To enable an application to communicate with the 
login server and remove any authentication functionality from the 
application server, one or more embodiments may require the use 
of a web server (any server that supports servlets). A servlet is a 
software program that runs on a server. A servlet can be invoked 
by a client via a name or a URL, for example. The web server 
implements classes that provide for the performance of requested 
actions for the client. For example, a doGet method may be 
implemented to perform a GET action and a doPost method may 
be implemented to perform a POST action. The doGet and doPost 
methods are only called once a user has been validated (i.e., has a 
valid cookie) and authenticated in accordance with the invention. 
In one or more embodiments, the doGet and doPost methods are 
subclasses of an AuthHttpServlet class. Thus, any applications that 
provide for the functionality to communicate with the login server 
will work in accordance with one or more embodiments of the
invention. 

In one or more embodiments, a web server may 
provide for the functionality to work with the login server. As a 
result, servlets (applications on the application server) are 
protected such that they only respond to client requests if the user 
has a valid cookie (or token) and has been authenticated. In one or 
more embodiments, utilizing such a web server may not require 
servlets to subclass an AuthHttpServlet class. Alternatively, 
servlets may subclass an HttpServlet class. In such a subclass, the 
doGet and doPost methods may be overridden to provide the 
desired application functionality when an authenticated user 
invokes such a servlet. Although any type of web server may be 
utilized, an example of a web server that may provide for such 
functionality is the Java web server available from Sun 
Microsystems. 

(c. 14, ll. 28-60).

In the passage quoted above, Gupta describes an application with a web agent front
end. In fact, Gupta notes that embodiments "may require the use of a web server"; in light of 
this disclosure, it is difficult to see how the advisory action possibly can be correct in stating that 
Gupta discloses an application without a web agent front end, especially since Gupta fails to 
teach or suggest any alternative configuration that would allow Gupta to function without the use
of a web server. In particular, nothing in the cited portion of Gupta (that is, c. 11, ll. 46-53 and c.
12, ll. 13-27) indicates that an application might be able to function without a web agent front
end. If the rejections in light of Gupta are to be maintained, the applicants respectfully request a 
citation to some portion of Gupta that provides any enabling disclosure of an application without 
a web agent front end. 

Hence, it is believed that Gupta, which discloses only embodiments that use a 
web agent front end, fails to teach or suggest an application without a web agent front end, as 
recited by claim 56. For at least this reason, claim 56 is believed to be allowable over Gupta, and 
reconsideration of that claim is respectfully requested. For at least similar reasons, claims 59 and 
60 are believed to be allowable over Gupta. 

IV. Claim Rejections under 35 U.S.C. § 103(a) 

The final office action rejected the remaining claims under § 103(a) as 
unpatentable over Gupta, taken in combination with various other references. Specifically, the 
office action rejected claims 1, 2, 6, 7, 9-22, 26, 27, 31-36, 39-43, 46-50 and 61 under § 103(a) 
as unpatentable over Gupta in view of US Patent No. 6,460,141 B1 ("Olden"), claims 3-5, 8,
28-30, 37, 44, 45, 51, 52 and 62-63 under § 103(a) as unpatentable over Gupta in view of Olden and
US Patent No. 6,668,322 B1 ("Wood"), claims 23-25 under § 103(a) as unpatentable over the
combination of Gupta, Olden and US Patent No. 6,286,098 B1 ("Wenig"), and claims 57 and 58
under § 103(a) as unpatentable over Gupta in view of Wood. These rejections are traversed, and 
the applicants respectfully request reconsideration of the rejected claims. 

In order to form a prima facie case of obviousness, an office action must show, 
inter alia, that the combined references teach or suggest each limitation of the rejected claim. 
MPEP § 706.02(j). Applicants respectfully submit that the cited references fail, individually and 
collectively, to teach or suggest each element of any rejected claim. 

Consider, for example, claim 1, which recites, inter alia, "receiving, at said 
application program interface, a request to authorize said first user to access a first resource, said 
request to authorize is from said application without a web agent front end . . . ." For 
substantially the reasons discussed above with respect to claim 56, Gupta fails to teach or suggest
this element of claim 1.

Neither does the cited portion of Olden teach this element. For example, Olden 
(c. 23, ll. 58-60) teaches that "the cookie passes a Web user's credentials to the Web server
plug-in, eliminating the need for the user to submit his or her password again. This cookie enables all
protected Web servers 20A, 20B, 20C to share authentication information." Referring to Fig. 1, 
one can see that the "Web server plug-in" referenced in that passage is in fact an "authorizer 
plug-in," which is a component of the webservers (20A, 20B, 20C), and which interacts with the 
authorization server (24) of Olden's invention. Hence, the disclosed passage of Olden actually 
teaches the use of a web agent front end, similar to the system of Gupta, discussed above. 

For at least these reasons, the combination of Gupta and Olden fails to teach or 
suggest each element of claim 1, and claim 1 is believed to be allowable over this combination.
For at least similar reasons, independent claims 36 and 43 are believed to be allowable over the 
cited references. For at least similar reasons, dependent claims 2-26, 37-42 and 44-49, each of 
which depend from claim 1, 36 or 43, are believed to be allowable, since they each ultimately 
depend from allowable base claims and because they are directed to specific novel substitutes. 

For instance, dependent claim 20 recites, inter alia, "making available to said 
application an indication of said one or more authorization actions for said first resource." 
Nothing in either Gupta or Olden appears to teach or suggest this limitation. While the cited 
portion of Gupta (c. 12, ll. 25-42) does teach forwarding retrieved results of user interrogation to
an authentication service, nothing in that passage teaches "making available to [an] application 
an indication of [an] authorization action[]," as recited in claim 20. In fact, Gupta fails to 
disclose providing to any system component any indication of an authorization action. For at 
least this additional reason. 

New claims 64-67, each of which ultimately depend from claim 1, are believed to 
be allowable as well. Specifically, it is believed that the cited references fail to teach or suggest 
"maintaining at a directory server a policy domain, wherein the policy domain comprises at least
one authorization rule for said first resource; at least one authentication rule for said first 
resource; and at least one audit rule for said first resource," as recited in claim 64. Further, it is 
believed that the cited references fail to teach or suggest that "the at least one authentication rule
is a plurality of authentication rules comprising a first level authentication rule and a second 
level authentication rule," as recited in claim 65. It is also believed that the cited references fail 
to teach or suggest that a policy domain might comprise at least one URL prefix or at least one 
host identifier, as recited in claims 66 and 67, respectively. For at least these reasons, additional 
claims 64 and 65 are believed to be allowable. 

Independent claim 27 recites, inter alia, "receiving, at an application without a
web agent front end, an electronic request from a first user to access a first resource, said step of
receiving includes receiving information from a cookie . . . ." As noted above, the combination 
of Gupta and Olden fails to disclose an application without a web agent front end, and at least for 
reasons similar to those discussed above, claim 27 is believed to be allowable over the cited 
combination. Dependent claims 28-36, each of which ultimately depend from claim 26, are 
believed to be allowable for at least similar reasons. Independent claims 50 and 61, each of 
which also have been amended to recite "an application without a web agent front end," (and 
dependent claims 51, 52, 62 and 63, which depend therefrom), are believed to be allowable for at 
least similar reasons. 

In view of the foregoing, the applicants believe all claims now pending in this 
Application are in condition for allowance and an action to that end is respectfully requested. 

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 303-571-4000. 

Respectfully submitted, 



TOWNSEND and TOWNSEND and CREW LLP 
Two Embarcadero Center, 8th Floor
San Francisco, California 94111-3834 
Tel: 303-571-4000; 
Fax: 415-576-0300 